Refreshing Thoughts From The NSA

Bruce Schneier recently blogged an interesting quote from testimony given by the director of the NSA. It’s worth sharing:

The lesson of 9/11 is that we are losing protection by too much secrecy. The risk is that by keeping information secret, we make ourselves vulnerable. The risk is that when we keep our vulnerabilities secret, we avoid fixing them. In an open society, it is only by exposure that problems get fixed. In a distributed information networked world, secrecy creates risk — risk of inefficiency, ignorance, inaction, as in 9/11. As the saying goes in the computer security world, when the bug is secret, then only the vendor and the hacker know — and the larger community can neither protect itself nor offer fixes.

I’m glad that guy’s in charge, and I hope he gets the chance to make some changes in how we as a country operate.